canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill uses strong steering language and persona-adoption techniques (e.g., 'to achieve human-crafted quality (not AI-generated)', 'looks like it took countless hours'). While these are used to improve aesthetic output quality rather than bypass safety filters, they resemble techniques used to override default AI identity behaviors.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted user input to form the basis of the 'Design Philosophy'.
  - Ingestion points: User input provided at the start of the task ('What is received: Some subtle input or instructions by the user').
  - Boundary markers: Absent; there are no delimiters or instructions to the agent to treat user-provided text as data only.
  - Capability inventory: The skill is limited to generating text (.md) and binary documents (.pdf, .png). It lacks network access, file system writes (other than final output), and command execution.
  - Sanitization: None; the input is directly used as the 'foundation' for the generated content.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): No evidence of credential access, sensitive file paths, or non-whitelisted network requests.
- [REMOTE_CODE_EXECUTION] (SAFE): No external dependencies are downloaded or executed. The skill only generates static document types.